-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2014.0066
A number of vulnerabilities have been identified in Mozilla
Firefox, Mozilla Firefox ESR and Thunderbird
11 June 2014
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Mozilla Firefox
Mozilla Firefox ESR
Mozilla Thunderbird
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Android
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Provide Misleading Information -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2014-1543 CVE-2014-1542 CVE-2014-1541
CVE-2014-1540 CVE-2014-1539 CVE-2014-1538
CVE-2014-1537 CVE-2014-1536 CVE-2014-1534
CVE-2014-1533
Member content until: Friday, July 11 2014
OVERVIEW
A number of vulnerabilities have been identified in Mozilla
Firefox, Mozilla Firefox ESR and Thunderbird.
IMPACT
The vendor has provided the following details regarding these
vulnerabilities:
CVE-2014-1533,CVE-2014-1534:"Mozilla developers and community
identified identified and fixed several memory safety bugs in the
browser engine used in Firefox and other Mozilla-based products.
Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at
least some of these could be exploited to run arbitrary code." [1]
CVE-2014-1536,CVE-2014-1537,CVE-2014-1538:"Security researcher
Abhishek Arya (Inferno) of the Google Chrome Security Team
discovered a number of use-after-free and out of bounds read issues
using the Address Sanitizer tool. These issues are potentially
exploitable, allowing for remote code execution." [2]
CVE-2014-1539:"Security researcher Jordi Chancel reported a
mechanism where the cursor can be rendered invisible after it has
been used on an embedded flash object when used outside of the
object. This flaw can be in used in combination with an image of the
cursor manipulated through JavaScript, leading to clickjacking
during interactions with HTML content subsequently. This issue only
affects OS X and is not present on Windows or Linux systems." [3]
CVE-2014-1540:"Security researchers Tyson Smith and Jesse
Schwartzentruber of the BlackBerry Security Automated Analysis Team
used the Address Sanitizer tool while fuzzing to discover a
use-after-free in the event listener manager. This can be triggered
by web content and leads to a potentially exploitable crash. This
issue was introduced in Firefox 29 and does not affect earlier
versions." [4]
CVE-2014-1541:"Security researcher Nils used the Address Sanitizer
to discover a use-after-free problem with the SMIL Animation
Controller when interacting with and rendering improperly formed web
content. This causes a potentially exploitable crash." [5]
CVE-2014-1542:"Security researcher Holger Fuhrmannek used the used
the Address Sanitizer tool to discover a buffer overflow with the
Speex resampler in Web Audio when working with audio content that
exceeds expected bounds. This leads to a potentially exploitable
crash." [6]
CVE-2014-1543:"Security researcher Looben Yang reported a buffer
overflow in Gamepad API when it is exercised with a gamepad device
with non-contiguous axes. This can be either an actual physical
device or by the installation of a virtual gamepad. This results in
a potentially exploitable crash. The Gamepad API was introduced in
Firefox 29 and this issue does not affect earlier versions." [7]
MITIGATION
It is recommended that users update to the latest versions of
Mozilla Firefox, Firefox ESR and Thunderbird to correct these
issues. [1-7]
REFERENCES
[1] Mozilla Foundation Security Advisory 2014-48
https://www.mozilla.org/security/announce/2014/mfsa2014-48.html
[2] Mozilla Foundation Security Advisory 2014-49
https://www.mozilla.org/security/announce/2014/mfsa2014-49.html
[3] Mozilla Foundation Security Advisory 2014-50
https://www.mozilla.org/security/announce/2014/mfsa2014-50.html
[4] Mozilla Foundation Security Advisory 2014-51
https://www.mozilla.org/security/announce/2014/mfsa2014-51.html
[5] Mozilla Foundation Security Advisory 2014-52
https://www.mozilla.org/security/announce/2014/mfsa2014-52.html
[6] Mozilla Foundation Security Advisory 2014-53
https://www.mozilla.org/security/announce/2014/mfsa2014-53.html
[7] Mozilla Foundation Security Advisory 2014-54
https://www.mozilla.org/security/announce/2014/mfsa2014-54.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBU5e2DxLndAQH1ShLAQL7RQ/+L31hh45C95rUP9jfYn/GZzfs3qqvH15F
O+jJfFcQr0hhy8iOvyD6wOF5DycPXWNRZMQbs0guFAmjCZPHLyzRcMJX8mX2hez1
LmJ+4bAb/t1rt5+h6k95unFOaqOGRg90CSuEMtaLg90SitIVysrKBNLXOCwN5rYJ
UFe5J5sjRy+dKl/ukEjvpSMj5M+A9eb7emtZy0q4l8bCcux27T9aTBqlLTkF2FGS
3f5+w93HgjcbOPXRVUlD/nZM9JxAL37lJARW7rp64bMYwqVsfaNkeXO9Q9yQzMQK
BJMt4p7Y2q4QpU7teSAO0gytieCdu7r92LaZS279sXN2UoMap9+sMIxPiC382kmt
oQ/SyfD4gxqPYR4ZXmFMxoOSRVuHi18cQCp3m8jQTGmiHy7wDYng7tRrqvszMNPH
G4/rd0Zb6oeW9reumfpCCjy8jVfqjdJpW2IcxJQX1LkfYDEUPUCpHGHiqv5KfilC
h1TyVt15FL0xS/2LwR3wILviEFuvM3rDIRGG8Fat6SLMsKFwZivrRKrvlp4PqpaD
nt9OPcn0ubhks0nqIHjF4gfJy9ZtY+uX++9rlnGBXkYYMOt7ycWDlikE96aBzREX
Z2Jb1A1Ya2SA8z7oIz4HCXKp3/OcEFbDI7jR0F+sJe159dibiTsTuDPuSnA2mRqX
vGS9JAiKQzQ=
=UNyQ
-----END PGP SIGNATURE-----